From: Remi Gacogne Date: Mon, 12 Nov 2018 16:31:12 +0000 (+0100) Subject: dnsdist: Add a 'disableZeroScope' option to the `newServer` command X-Git-Tag: rec-4.2.0-alpha1~42^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=996db8e9b3cdd946ef6c19d50b187f3154e8132f;p=thirdparty%2Fpdns.git dnsdist: Add a 'disableZeroScope' option to the `newServer` command
---
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 6b46afbc10..1dad292712 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -348,6 +348,10 @@ void setupLuaConfig(bool client)
 ret->useECS=boost::get(vars["useClientSubnet"]);
 }
+ if(vars.count("disableZeroScope")) {
+ ret->disableZeroScope=boost::get(vars["disableZeroScope"]);
+ }
+
 if(vars.count("ipBindAddrNoPort")) {
 ret->ipBindAddrNoPort=boost::get(vars["ipBindAddrNoPort"]);
 }
diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index b2ccfe5c56..777865ff16 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -448,7 +448,7 @@ void tcpClientThread(int pipefd)
 if (dq.useECS && ((ds && ds->useECS) || (!ds && serverPool->getECS()))) {
 // we special case our cache in case a downstream explicitly gave us a universally valid response with a 0 scope
- if (packetCache && !dq.skipCache && !ds->disableZeroScope && packetCache->isECSParsingEnabled()) {
+ if (packetCache && !dq.skipCache && (!ds || !ds->disableZeroScope) && packetCache->isECSParsingEnabled()) {
 if (packetCache->get(dq, consumed, dq.dh->id, cachedResponse, &cachedResponseSize, &cacheKeyNoECS, subnet, dnssecOK, allowExpired)) {
 DNSResponse dr(dq.qname, dq.qtype, dq.qclass, dq.consumed, dq.local, dq.remote, (dnsheader*) cachedResponse, sizeof cachedResponse, cachedResponseSize, true, &queryRealTime);
 #ifdef HAVE_PROTOBUF
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index a6c7899071..8765fde428 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
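Review bot: In pdns/dnsdist-lua.cc the new `disableZeroScope` value is read with `boost::get` and no prior type check, so a value of another type in the `newServer` table (for instance the string `"true"` instead of a boolean) would presumably raise `boost::bad_get` while the configuration is loaded; the type argument of `boost::get` is not visible on this page, so confirm it is `bool`. This matches how `useClientSubnet` and `ipBindAddrNoPort` are read in the surrounding lines, so it is a hardening note rather than a regression. The reference entry added in config.rst lists the key as bare `disableZeroScope`, without a value type or a default, unlike `sockets=NUM`; I would write it as `disableZeroScope=BOOL` and state the default. setupLuaConfig's body continues outside the hunk.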
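Review bot: In pdns/dnsdist-tcp.cc the new `(!ds || !ds->disableZeroScope)` test has no comment saying why `ds` may be null, although the enclosing condition `(!ds && serverPool->getECS())` shows this branch is entered with no backend selected, and the replaced `!ds->disableZeroScope` would have dereferenced that null pointer while a client query was being handled. I would add `// ds is null when no backend was selected; the zero-scope lookup is still attempted then` above the `if`, together with a regression test that exercises an ECS-enabled pool for which no server is picked. The identical condition is repeated with `ss` in processUDPQuery in pdns/dnsdist.cc, so a small shared predicate taking the server pointer would keep the TCP and UDP paths from drifting apart. tcpClientThread starts and ends outside this hunk.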
@@ -1451,7 +1451,7 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
 if (dq.useECS && ((ss && ss->useECS) || (!ss && serverPool->getECS()))) {
 // we special case our cache in case a downstream explicitly gave us a universally valid response with a 0 scope
- if (packetCache && !dq.skipCache && !ss->disableZeroScope && packetCache->isECSParsingEnabled()) {
+ if (packetCache && !dq.skipCache && (!ss || !ss->disableZeroScope) && packetCache->isECSParsingEnabled()) {
 if (packetCache->get(dq, consumed, dh->id, query, &cachedResponseSize, &cacheKeyNoECS, subnet, dnssecOK, allowExpired)) {
 sendAndEncryptUDPResponse(holders, cs, dq, query, cachedResponseSize, dnsCryptQuery, delayMsec, dest, responsesVect, queuedResponses, respIOV, respCBuf, true);
 return;
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index 4c413fc8f1..3998faba27 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -349,7 +349,8 @@ Servers
 -- "address@interface", e.g. "192.0.2.2@eth0"
 addXPF=NUM, -- Add the client's IP address and port to the query, along with the original destination address and port,
 -- using the experimental XPF record from `draft-bellis-dnsop-xpf `_ and the specified option code. Default is disabled (0)
- sockets=NUM -- Number of sockets (and thus source ports) used toward the backend server, defaults to a single one
+ sockets=NUM, -- Number of sockets (and thus source ports) used toward the backend server, defaults to a single one
+ disableZeroScope -- Disable the EDNS Client Subnet 'zero scope' feature, which does a cache lookup for an answer valid for all subnets (ECS scope of 0) before adding ECS information to the query and doing the regular lookup
 })
 :param str server_string: A simple IP:PORT string.